Alert correlation is a process that analyzes the alerts produced by one or more intrusion detection systems and provides a more succinct and high-level view of occurring or attempted intrusions. Even though the correlation process is often presented as a single step, the analysis is actually carried out by a number of components, each of which has a specific goal. Unfortunately, most approaches to correlation concentrate on just a few components of the process, providing formalisms and techniques that address only specific correlation issues. This paper presents a general correlation model that includes a comprehensive set of components and a framework based on this model. A tool using the framework has been applied to a number of well-known intrusion detection data sets to identify how each component contributes to the overall goals of correlation. The results of these experiments show that the correlation components are effective in achieving alert reduction and abstraction. They also show that the effectiveness of a component depends heavily on the nature of the data set analyzed.